A package manager for Kubernetes, enabling the definition, installation, and management of applications through reusable Helm charts, simplifying deployment, upgrades, and version-controlled release management.
Getting Started
To pull the image:
docker pull registry.hardened.eu/library/helm:latest
Verifying Image Signatures
All Hardened B.V. images are signed using cosign. You can verify the signature using the following steps:
Save the public key:
cat >hardened.pub <<EOL
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEbxhUFlXkIIbDzdRAR9rc6kDPNb+k
J48lhqqlOMyiq3jkbKXNj2sEFMduFlNh63MrZA59PKf4TjS1AiCrvaFXNA==
-----END PUBLIC KEY-----
EOL
Verify the image signature:
cosign verify --key hardened.pub registry.hardened.eu/library/helm:latest
The verification will show the signature details and confirm the image’s authenticity.
To verify the SBOM, run the following command:
cosign verify-attestation --type spdxjson --key hardened.pub registry.hardened.eu/library/helm:latest
To download the SBOM, run the same command and decode it:
cosign verify-attestation --type spdxjson --key hardened.pub registry.hardened.eu/library/helm:latest | jq -r .payload | base64 -d | jq -r .predicate > helm-spdx.json
Trademarks
This software is packaged by Hardened B.V. All trademarks are property of their respective owners. Use of these images does not imply any affiliation or endorsement.
The latest tag is only public. Contact us for detailed information.
| Hash | Tag | Size (compressed) | Last updated | Actions |
|---|---|---|---|---|
| sha256:a10b7dac51f21... |
latest
x86_64
|
34.78 MB | 13:53:08 24/10/2025 UTC (Calculating...) | |
| •••••••••••• | •••••••••••• | •••••••••••• | •••••••••••• | Contact Hardened |
| Package | Version | License |
|---|---|---|
| alpine-os-release | 3.22-r2 | MIT |
| busybox | 10.0.0-r0 | GPL-2.0-only |
| ca-certificates-bundle | 20250911-r0 | (MPL-2.0 AND MIT) |
| dario.cat/mergo | v1.0.1 | - |
| github.com/BurntSushi/toml | v1.5.0 | - |
| github.com/MakeNowJust/heredoc | v1.0.0 | - |
| github.com/Masterminds/goutils | v1.1.1 | - |
| github.com/Masterminds/semver/v3 | v3.4.0 | - |
| github.com/Masterminds/sprig/v3 | v3.3.0 | - |
| github.com/Masterminds/squirrel | v1.5.4 | - |
| github.com/Masterminds/vcs | v1.13.3 | - |
| github.com/asaskevich/govalidator | v0.0.0-20230301143203-a9d515a09cc2 | - |
| github.com/beorn7/perks | v1.0.1 | - |
| github.com/blang/semver/v4 | v4.0.0 | - |
| github.com/cespare/xxhash/v2 | v2.3.0 | - |
| github.com/chai2010/gettext-go | v1.0.2 | - |
| github.com/containerd/containerd | v1.7.28 | - |
| github.com/containerd/errdefs | v0.3.0 | - |
| github.com/containerd/log | v0.1.0 | - |
| github.com/containerd/platforms | v0.2.1 | - |
| github.com/cpuguy83/go-md2man/v2 | v2.0.6 | - |
| github.com/cyphar/filepath-securejoin | v0.4.1 | - |
| github.com/davecgh/go-spew | v1.1.1 | - |
| github.com/davecgh/go-spew | v1.1.2-0.20180830191138-d8f796af33cc | - |
| github.com/distribution/reference | v0.6.0 | - |
| github.com/emicklei/go-restful/v3 | v3.11.0 | - |
| github.com/emicklei/go-restful/v3 | v3.12.2 | - |
| github.com/evanphx/json-patch | v5.9.11+incompatible | - |
| github.com/exponent-io/jsonpath | v0.0.0-20210407135951-1de76d718b3f | - |
| github.com/fatih/camelcase | v1.0.0 | - |
| github.com/fatih/color | v1.13.0 | - |
| github.com/fxamacker/cbor/v2 | v2.7.0 | - |
| github.com/fxamacker/cbor/v2 | v2.9.0 | - |
| github.com/go-errors/errors | v1.4.2 | - |
| github.com/go-gorp/gorp/v3 | v3.1.0 | - |
| github.com/go-logr/logr | v1.4.2 | - |
| github.com/go-openapi/jsonpointer | v0.21.0 | - |
| github.com/go-openapi/jsonreference | v0.20.2 | - |
| github.com/go-openapi/swag | v0.23.0 | - |
| github.com/gobwas/glob | v0.2.3 | - |
| github.com/gofrs/flock | v0.12.1 | - |
| github.com/gogo/protobuf | v1.3.2 | - |
| github.com/google/btree | v1.1.3 | - |
| github.com/google/gnostic-models | v0.6.9 | - |
| github.com/google/gnostic-models | v0.7.0 | - |
| github.com/google/go-cmp | v0.7.0 | - |
| github.com/google/shlex | v0.0.0-20191202100458-e7afc7fbc510 | - |
| github.com/google/uuid | v1.6.0 | - |
| github.com/gorilla/websocket | v1.5.4-0.20250319132907-e064f32e3674 | - |
| github.com/gosuri/uitable | v0.0.4 | - |
| github.com/gregjones/httpcache | v0.0.0-20190611155906-901d90724c79 | - |
| github.com/hashicorp/errwrap | v1.1.0 | - |
| github.com/hashicorp/go-multierror | v1.1.1 | - |
| github.com/huandu/xstrings | v1.5.0 | - |
| github.com/jmoiron/sqlx | v1.4.0 | - |
| github.com/jonboulle/clockwork | v0.4.0 | - |
| github.com/josharian/intern | v1.0.0 | - |
| github.com/json-iterator/go | v1.1.12 | - |
| github.com/klauspost/compress | v1.18.0 | - |
| github.com/lann/builder | v0.0.0-20180802200727-47ae307949d0 | - |
| github.com/lann/ps | v0.0.0-20150810152359-62de8c46ede0 | - |
| github.com/lib/pq | v1.10.9 | - |
| github.com/liggitt/tabwriter | v0.0.0-20181228230101-89fcab3d43de | - |
| github.com/lithammer/dedent | v1.1.0 | - |
| github.com/mailru/easyjson | v0.7.7 | - |
| github.com/mattn/go-colorable | v0.1.13 | - |
| github.com/mattn/go-isatty | v0.0.17 | - |
| github.com/mattn/go-runewidth | v0.0.9 | - |
| github.com/mitchellh/copystructure | v1.2.0 | - |
| github.com/mitchellh/go-wordwrap | v1.0.1 | - |
| github.com/mitchellh/reflectwalk | v1.0.2 | - |
| github.com/moby/spdystream | v0.5.0 | - |
| github.com/moby/term | v0.5.0 | - |
| github.com/moby/term | v0.5.2 | - |
| github.com/modern-go/concurrent | v0.0.0-20180306012644-bacd9c7ef1dd | - |
| github.com/modern-go/reflect2 | v1.0.2 | - |
| github.com/modern-go/reflect2 | v1.0.3-0.20250322232337-35a7c28c31ee | - |
| github.com/monochromegane/go-gitignore | v0.0.0-20200626010858-205db1a8cc00 | - |
| github.com/munnerz/goautoneg | v0.0.0-20191010083416-a7dc8b61c822 | - |
| github.com/mxk/go-flowrate | v0.0.0-20140419014527-cca7078d478f | - |
| github.com/opencontainers/go-digest | v1.0.0 | - |
| github.com/opencontainers/image-spec | v1.1.1 | - |
| github.com/peterbourgon/diskv | v2.0.1+incompatible | - |
| github.com/pkg/errors | v0.9.1 | - |
| github.com/pmezard/go-difflib | v1.0.1-0.20181226105442-5d4384ee4fb2 | - |
| github.com/prometheus/client_golang | v1.22.0 | - |
| github.com/prometheus/client_model | v0.6.1 | - |
| github.com/prometheus/common | v0.62.0 | - |
| github.com/prometheus/procfs | v0.15.1 | - |
| github.com/rubenv/sql-migrate | v1.8.0 | - |
| github.com/russross/blackfriday/v2 | v2.1.0 | - |
| github.com/santhosh-tekuri/jsonschema/v6 | v6.0.2 | - |
| github.com/shopspring/decimal | v1.4.0 | - |
| github.com/sirupsen/logrus | v1.9.3 | - |
| github.com/spf13/cast | v1.7.0 | - |
| github.com/spf13/cobra | v1.10.1 | - |
| github.com/spf13/cobra | v1.8.1 | - |
| github.com/spf13/pflag | v1.0.5 | - |
| github.com/spf13/pflag | v1.0.9 | - |
| github.com/x448/float16 | v0.8.4 | - |
| github.com/xlab/treeprint | v1.2.0 | - |
| go.opentelemetry.io/otel | v1.33.0 | - |
| go.opentelemetry.io/otel/trace | v1.33.0 | - |
| go.yaml.in/yaml/v2 | v2.4.2 | - |
| go.yaml.in/yaml/v3 | v3.0.4 | - |
| golang.org/x/crypto | v0.41.0 | - |
| golang.org/x/net | v0.38.0 | - |
| golang.org/x/net | v0.42.0 | - |
| golang.org/x/oauth2 | v0.27.0 | - |
| golang.org/x/oauth2 | v0.30.0 | - |
| golang.org/x/sync | v0.12.0 | - |
| golang.org/x/sync | v0.16.0 | - |
| golang.org/x/sys | v0.31.0 | - |
| golang.org/x/sys | v0.35.0 | - |
| golang.org/x/term | v0.30.0 | - |
| golang.org/x/term | v0.34.0 | - |
| golang.org/x/text | v0.23.0 | - |
| golang.org/x/text | v0.28.0 | - |
| golang.org/x/time | v0.12.0 | - |
| golang.org/x/time | v0.9.0 | - |
| google.golang.org/genproto/googleapis/rpc | v0.0.0-20250303144028-a0af3efb3deb | - |
| google.golang.org/grpc | v1.72.1 | - |
| google.golang.org/protobuf | v1.36.5 | - |
| gopkg.in/evanphx/json-patch.v4 | v4.12.0 | - |
| gopkg.in/inf.v0 | v0.9.1 | - |
| gopkg.in/yaml.v3 | v3.0.1 | - |
| helm | 3.19.0-r0 | Apache-2.0 |
| helm.sh/helm/v3 | v0.0.0-20250905035149-3d8990f08366 | - |
| k8s.io/api | - | - |
| k8s.io/api | v0.34.0 | - |
| k8s.io/apiextensions-apiserver | v0.34.0 | - |
| k8s.io/apimachinery | - | - |
| k8s.io/apimachinery | v0.34.0 | - |
| k8s.io/apiserver | v0.34.0 | - |
| k8s.io/cli-runtime | - | - |
| k8s.io/cli-runtime | v0.34.0 | - |
| k8s.io/client-go | - | - |
| k8s.io/client-go | v0.34.0 | - |
| k8s.io/component-base | - | - |
| k8s.io/component-base | v0.34.0 | - |
| k8s.io/component-helpers | - | - |
| k8s.io/klog/v2 | v2.130.1 | - |
| k8s.io/kube-openapi | v0.0.0-20250318190949-c8a335a9a2ff | - |
| k8s.io/kube-openapi | v0.0.0-20250710124328-f3f2b991d03b | - |
| k8s.io/kubectl | - | - |
| k8s.io/kubectl | v0.34.0 | - |
| k8s.io/kubernetes | v1.33.5+dirty | - |
| k8s.io/metrics | - | - |
| k8s.io/utils | v0.0.0-20241104100929-3ea5e8cea738 | - |
| k8s.io/utils | v0.0.0-20250604170112-4c0f3b243397 | - |
| kubectl-1.33 | 1.33.5-r1 | Apache-2.0 |
| kubectl-1.33-default | 1.33.5-r1 | Apache-2.0 |
| oras.land/oras-go/v2 | v2.6.0 | - |
| sigs.k8s.io/json | v0.0.0-20241010143419-9aa6b5e7a4b3 | - |
| sigs.k8s.io/json | v0.0.0-20241014173422-cfa47c3a1cc8 | - |
| sigs.k8s.io/kustomize/api | v0.19.0 | - |
| sigs.k8s.io/kustomize/api | v0.20.1 | - |
| sigs.k8s.io/kustomize/kustomize/v5 | v5.6.0 | - |
| sigs.k8s.io/kustomize/kyaml | v0.19.0 | - |
| sigs.k8s.io/kustomize/kyaml | v0.20.1 | - |
| sigs.k8s.io/randfill | v1.0.0 | - |
| sigs.k8s.io/structured-merge-diff/v4 | v4.6.0 | - |
| sigs.k8s.io/structured-merge-diff/v6 | v6.3.0 | - |
| sigs.k8s.io/yaml | v1.4.0 | - |
| sigs.k8s.io/yaml | v1.6.0 | - |
| stdlib | go1.24.9 | BSD-3-Clause |
APACHE-2.0 (permissive)
The Apache License 2.0 is also a permissive license, similar to the MIT License, but with additional protections related... Show more
BSD-3-CLAUSE (permissive)
The BSD 3-Clause License is another permissive license originating from the Berkeley Software Distribution (BSD). It all... Show more
GPL-2.0 (strong-copyleft)
The GNU General Public License version 2 (GPL-2.0) is a strict copyleft license. If you modify and distribute software l... Show more
MIT (permissive)
The MIT License is a highly permissive open-source license. It allows users to do almost anything with a project, includ... Show more
| CVE | Severity | Package | Version | Fixed In | |
|---|---|---|---|---|---|
| CVE-2019-25210 | Medium | helm | 3.19.0-r0 | Not fixed | |
|
An issue was discovered in Cloud Native Computing Foundation (CNCF) Helm through 3.13.3. It displays values of secrets when the --dry-run flag is used. This is a security concern in some use cases, such as a --dry-run call by a CI/CD tool. NOTE: the vendor's position is that this behavior was introduced intentionally, and cannot be removed without breaking backwards compatibility (some users may be relying on these values). Also, it is not the Helm Project's responsibility if a user decides to use --dry-run within a CI/CD environment whose output is visible to unauthorized persons.
|
|||||
Compare Images
Image comparison functionality will be implemented in a future release.